npm - @mars-stack/cli - Versions diffs - 0.2.0 → 1.0.2 - Mend

@mars-stack/cli 0.2.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/dist/index.js +137 -12
package/dist/index.js.map +1 -1
package/package.json +4 -3
package/template/.cursor/rules/composition-patterns.mdc +186 -0
package/template/.cursor/rules/data-access.mdc +29 -0
package/template/.cursor/rules/project-structure.mdc +34 -0
package/template/.cursor/rules/security.mdc +25 -0
package/template/.cursor/rules/testing.mdc +24 -0
package/template/.cursor/rules/ui-conventions.mdc +29 -0
package/template/.cursor/skills/add-api-route/SKILL.md +122 -0
package/template/.cursor/skills/add-audit-log/SKILL.md +375 -0
package/template/.cursor/skills/add-blog/SKILL.md +447 -0
package/template/.cursor/skills/add-command-palette/SKILL.md +438 -0
package/template/.cursor/skills/add-component/SKILL.md +158 -0
package/template/.cursor/skills/add-crud-routes/SKILL.md +221 -0
package/template/.cursor/skills/add-e2e-test/SKILL.md +227 -0
package/template/.cursor/skills/add-error-boundary/SKILL.md +472 -0
package/template/.cursor/skills/add-feature/SKILL.md +174 -0
package/template/.cursor/skills/add-middleware/SKILL.md +135 -0
package/template/.cursor/skills/add-page/SKILL.md +151 -0
package/template/.cursor/skills/add-prisma-model/SKILL.md +148 -0
package/template/.cursor/skills/add-protected-resource/SKILL.md +192 -0
package/template/.cursor/skills/add-role/SKILL.md +156 -0
package/template/.cursor/skills/add-server-action/SKILL.md +167 -0
package/template/.cursor/skills/add-webhook/SKILL.md +192 -0
package/template/.cursor/skills/build-complete-feature/SKILL.md +227 -0
package/template/.cursor/skills/build-dashboard/SKILL.md +211 -0
package/template/.cursor/skills/build-data-table/SKILL.md +283 -0
package/template/.cursor/skills/build-form/SKILL.md +231 -0
package/template/.cursor/skills/build-landing-page/SKILL.md +248 -0
package/template/.cursor/skills/configure-ai/SKILL.md +617 -0
package/template/.cursor/skills/configure-analytics/SKILL.md +413 -0
package/template/.cursor/skills/configure-dark-mode/SKILL.md +309 -0
package/template/.cursor/skills/configure-email/SKILL.md +170 -0
package/template/.cursor/skills/configure-email-verification/SKILL.md +333 -0
package/template/.cursor/skills/configure-feature-flags/SKILL.md +361 -0
package/template/.cursor/skills/configure-i18n/SKILL.md +518 -0
package/template/.cursor/skills/configure-jobs/SKILL.md +500 -0
package/template/.cursor/skills/configure-magic-links/SKILL.md +385 -0
package/template/.cursor/skills/configure-multi-tenancy/SKILL.md +611 -0
package/template/.cursor/skills/configure-notifications/SKILL.md +569 -0
package/template/.cursor/skills/configure-oauth/SKILL.md +217 -0
package/template/.cursor/skills/configure-onboarding/SKILL.md +483 -0
package/template/.cursor/skills/configure-payments/SKILL.md +243 -0
package/template/.cursor/skills/configure-realtime/SKILL.md +733 -0
package/template/.cursor/skills/configure-search/SKILL.md +581 -0
package/template/.cursor/skills/configure-storage/SKILL.md +273 -0
package/template/.cursor/skills/configure-two-factor/SKILL.md +518 -0
package/template/.cursor/skills/create-execution-plan/SKILL.md +204 -0
package/template/.cursor/skills/create-seed/SKILL.md +191 -0
package/template/.cursor/skills/deploy-to-vercel/SKILL.md +300 -0
package/template/.cursor/skills/design-tokens/SKILL.md +138 -0
package/template/.cursor/skills/mars-capture-conversation-context/SKILL.md +119 -0
package/template/.cursor/skills/setup-billing/SKILL.md +322 -0
package/template/.cursor/skills/setup-project/SKILL.md +104 -0
package/template/.cursor/skills/setup-teams/SKILL.md +682 -0
package/template/.cursor/skills/test-api-route/SKILL.md +219 -0
package/template/.cursor/skills/update-architecture-docs/SKILL.md +99 -0
package/template/AGENTS.md +104 -0
package/template/ARCHITECTURE.md +102 -0
package/template/docs/QUALITY_SCORE.md +20 -0
package/template/docs/design-docs/conversation-as-system-record.md +70 -0
package/template/docs/design-docs/core-beliefs.md +43 -0
package/template/docs/design-docs/index.md +8 -0
package/template/docs/exec-plans/active/.gitkeep +0 -0
package/template/docs/exec-plans/completed/.gitkeep +0 -0
package/template/docs/exec-plans/tech-debt.md +7 -0
package/template/docs/generated/.gitkeep +0 -0
package/template/docs/product-specs/index.md +7 -0
package/template/docs/references/index.md +18 -0
package/template/e2e/api.spec.ts +20 -0
package/template/e2e/auth.spec.ts +24 -0
package/template/e2e/public.spec.ts +25 -0
package/template/eslint.config.mjs +24 -0
package/template/next-env.d.ts +6 -0
package/template/next.config.ts +45 -0
package/template/package.json +80 -0
package/template/playwright.config.ts +31 -0
package/template/postcss.config.mjs +8 -0
package/template/prisma/generated/prisma/browser.ts +49 -0
package/template/prisma/generated/prisma/client.ts +73 -0
package/template/prisma/generated/prisma/commonInputTypes.ts +406 -0
package/template/prisma/generated/prisma/enums.ts +15 -0
package/template/prisma/generated/prisma/internal/class.ts +254 -0
package/template/prisma/generated/prisma/internal/prismaNamespace.ts +1240 -0
package/template/prisma/generated/prisma/internal/prismaNamespaceBrowser.ts +190 -0
package/template/prisma/generated/prisma/models/Account.ts +1543 -0
package/template/prisma/generated/prisma/models/File.ts +1529 -0
package/template/prisma/generated/prisma/models/Session.ts +1415 -0
package/template/prisma/generated/prisma/models/Subscription.ts +1455 -0
package/template/prisma/generated/prisma/models/User.ts +2235 -0
package/template/prisma/generated/prisma/models/VerificationToken.ts +1099 -0
package/template/prisma/generated/prisma/models.ts +17 -0
package/template/prisma/schema/auth.prisma +69 -0
package/template/prisma/schema/base.prisma +8 -0
package/template/prisma/schema/file.prisma +15 -0
package/template/prisma/schema/subscription.prisma +17 -0
package/template/prisma.config.ts +13 -0
package/template/scripts/check-architecture.ts +221 -0
package/template/scripts/check-doc-freshness.ts +242 -0
package/template/scripts/ensure-db.mjs +291 -0
package/template/scripts/generate-docs.ts +143 -0
package/template/scripts/generate-env-example.ts +89 -0
package/template/scripts/seed.ts +56 -0
package/template/scripts/update-quality-score.ts +263 -0
package/template/src/__tests__/architecture.test.ts +114 -0
package/template/src/app/(auth)/forgotten-password/page.tsx +92 -0
package/template/src/app/(auth)/layout.tsx +11 -0
package/template/src/app/(auth)/register/page.tsx +162 -0
package/template/src/app/(auth)/reset-password/page.tsx +109 -0
package/template/src/app/(auth)/sign-in/page.tsx +122 -0
package/template/src/app/(auth)/verify/[token]/page.tsx +87 -0
package/template/src/app/(auth)/verify/page.tsx +56 -0
package/template/src/app/(protected)/admin/page.tsx +108 -0
package/template/src/app/(protected)/dashboard/loading.tsx +20 -0
package/template/src/app/(protected)/dashboard/page.tsx +22 -0
package/template/src/app/(protected)/layout.tsx +262 -0
package/template/src/app/(protected)/settings/page.tsx +370 -0
package/template/src/app/api/auth/forgot/route.ts +63 -0
package/template/src/app/api/auth/login/route.ts +121 -0
package/template/src/app/api/auth/logout/route.ts +19 -0
package/template/src/app/api/auth/me/route.ts +30 -0
package/template/src/app/api/auth/reset/route.ts +45 -0
package/template/src/app/api/auth/signup/route.ts +85 -0
package/template/src/app/api/auth/verify/route.ts +46 -0
package/template/src/app/api/csrf/route.ts +12 -0
package/template/src/app/api/health/route.ts +10 -0
package/template/src/app/api/protected/admin/users/route.ts +24 -0
package/template/src/app/api/protected/billing/checkout/route.ts +83 -0
package/template/src/app/api/protected/billing/portal/route.ts +39 -0
package/template/src/app/api/protected/files/[fileId]/route.ts +86 -0
package/template/src/app/api/protected/files/upload/route.ts +64 -0
package/template/src/app/api/protected/user/password/route.ts +63 -0
package/template/src/app/api/protected/user/profile/route.ts +35 -0
package/template/src/app/api/protected/user/sessions/[sessionId]/route.ts +33 -0
package/template/src/app/api/protected/user/sessions/route.ts +22 -0
package/template/src/app/api/readiness/route.ts +15 -0
package/template/src/app/api/webhooks/stripe/route.ts +166 -0
package/template/src/app/error.tsx +33 -0
package/template/src/app/layout.tsx +29 -0
package/template/src/app/not-found.tsx +20 -0
package/template/src/app/page.tsx +136 -0
package/template/src/app/privacy/page.tsx +178 -0
package/template/src/app/providers.tsx +8 -0
package/template/src/app/terms/page.tsx +139 -0
package/template/src/config/app.config.ts +70 -0
package/template/src/config/routes.ts +17 -0
package/template/src/features/admin/index.ts +11 -0
package/template/src/features/admin/permissions.ts +64 -0
package/template/src/features/auth/context/AuthContext.tsx +96 -0
package/template/src/features/auth/context/index.ts +2 -0
package/template/src/features/auth/index.ts +3 -0
package/template/src/features/auth/server/consent.ts +66 -0
package/template/src/features/auth/server/session-revocation.ts +20 -0
package/template/src/features/auth/server/sessions.ts +66 -0
package/template/src/features/auth/server/user.ts +166 -0
package/template/src/features/auth/types.ts +19 -0
package/template/src/features/auth/validators.ts +29 -0
package/template/src/features/billing/server/index.ts +66 -0
package/template/src/features/billing/types.ts +43 -0
package/template/src/features/uploads/server/index.ts +49 -0
package/template/src/features/uploads/types.ts +26 -0
package/template/src/lib/core/email/templates/base-layout.ts +122 -0
package/template/src/lib/core/email/templates/index.ts +4 -0
package/template/src/lib/core/email/templates/password-reset-email.ts +42 -0
package/template/src/lib/core/email/templates/verification-email.ts +41 -0
package/template/src/lib/core/email/templates/welcome-email.ts +40 -0
package/template/src/lib/mars.ts +56 -0
package/template/src/lib/prisma.ts +19 -0
package/template/src/proxy.ts +92 -0
package/template/src/styles/brand.css +15 -0
package/template/src/styles/globals.css +7 -0
package/template/tsconfig.json +59 -0
package/template/vitest.config.ts +41 -0
package/template/vitest.setup.ts +24 -0

package/template/.cursor/skills/add-audit-log/SKILL.md ADDED Viewed

@@ -0,0 +1,375 @@
+# Skill: Add Audit Log
+Add user action tracking with a Prisma `AuditLog` model, server-side logging helper, admin view, and retention policy.
+## When to Use
+Use this skill when the user asks to add audit logging, activity tracking, compliance logging, user action history, or admin activity monitoring.
+## Prerequisites
+- Read `src/lib/mars.ts` to check available auth wrappers.
+- Read `prisma/schema/` to see existing models.
+## Step 1: Prisma Schema
+```prisma
+// prisma/schema/audit-log.prisma
+model AuditLog {
+  id           String   @id @default(cuid())
+  userId       String?
+  action       String
+  resourceType String
+  resourceId   String?
+  metadata     Json?
+  ipAddress    String?
+  userAgent    String?
+  timestamp    DateTime @default(now())
+  user User? @relation(fields: [userId], references: [id], onDelete: SetNull)
+  @@index([userId])
+  @@index([action])
+  @@index([resourceType])
+  @@index([resourceType, resourceId])
+  @@index([timestamp])
+}
+```
+Update the User model in `prisma/schema/auth.prisma` to add the relation:
+```prisma
+model User {
+  // ... existing fields
+  auditLogs AuditLog[]
+}
+```
+Run `yarn db:push` to sync.
+## Step 2: Audit Log Types
+```typescript
+// src/features/audit-log/types.ts
+export interface AuditEventInput {
+  userId?: string;
+  action: AuditAction;
+  resourceType: string;
+  resourceId?: string;
+  metadata?: Record<string, unknown>;
+  ipAddress?: string;
+  userAgent?: string;
+}
+export type AuditAction =
+  | 'create'
+  | 'read'
+  | 'update'
+  | 'delete'
+  | 'login'
+  | 'logout'
+  | 'login_failed'
+  | 'password_change'
+  | 'password_reset'
+  | 'email_verify'
+  | 'role_change'
+  | 'export'
+  | 'invite'
+  | 'settings_change';
+export interface AuditLogQuery {
+  userId?: string;
+  action?: AuditAction;
+  resourceType?: string;
+  resourceId?: string;
+  startDate?: Date;
+  endDate?: Date;
+  limit?: number;
+  cursor?: string;
+}
+```
+## Step 3: Server-Side Audit Logger
+```typescript
+// src/features/audit-log/server/index.ts
+import 'server-only';
+import { prisma } from '@/lib/prisma';
+import { apiLogger } from '@/lib/mars';
+import type { AuditEventInput, AuditLogQuery } from '../types';
+export async function logAuditEvent(event: AuditEventInput): Promise<void> {
+  try {
+    await prisma.auditLog.create({
+      data: {
+        userId: event.userId,
+        action: event.action,
+        resourceType: event.resourceType,
+        resourceId: event.resourceId,
+        metadata: event.metadata ?? undefined,
+        ipAddress: event.ipAddress,
+        userAgent: event.userAgent,
+      },
+    });
+  } catch (error) {
+    apiLogger.error({ error, event: event.action }, 'Failed to write audit log');
+  }
+}
+export function logAuditEventFromRequest(
+  request: Request,
+  event: Omit<AuditEventInput, 'ipAddress' | 'userAgent'>,
+): Promise<void> {
+  return logAuditEvent({
+    ...event,
+    ipAddress: request.headers.get('x-forwarded-for')?.split(',')[0]?.trim()
+      ?? request.headers.get('x-real-ip')
+      ?? undefined,
+    userAgent: request.headers.get('user-agent') ?? undefined,
+  });
+}
+export async function queryAuditLogs(query: AuditLogQuery) {
+  const where: Record<string, unknown> = {};
+  if (query.userId) where.userId = query.userId;
+  if (query.action) where.action = query.action;
+  if (query.resourceType) where.resourceType = query.resourceType;
+  if (query.resourceId) where.resourceId = query.resourceId;
+  if (query.startDate || query.endDate) {
+    where.timestamp = {};
+    if (query.startDate) (where.timestamp as Record<string, unknown>).gte = query.startDate;
+    if (query.endDate) (where.timestamp as Record<string, unknown>).lte = query.endDate;
+  }
+  const take = Math.min(query.limit ?? 50, 100);
+  return prisma.auditLog.findMany({
+    where,
+    orderBy: { timestamp: 'desc' },
+    take,
+    ...(query.cursor ? { skip: 1, cursor: { id: query.cursor } } : {}),
+    include: {
+      user: { select: { id: true, email: true, name: true } },
+    },
+  });
+}
+export async function cleanupOldAuditLogs(retentionDays: number = 90): Promise<number> {
+  const cutoff = new Date();
+  cutoff.setDate(cutoff.getDate() - retentionDays);
+  const result = await prisma.auditLog.deleteMany({
+    where: { timestamp: { lt: cutoff } },
+  });
+  apiLogger.info({ deleted: result.count, retentionDays }, 'Audit log cleanup completed');
+  return result.count;
+}
+```
+## Step 4: Usage in API Routes
+Integrate audit logging into existing route handlers:
+```typescript
+// Example: in an existing update route
+import { logAuditEventFromRequest } from '@/features/audit-log/server';
+export const PUT = withAuth(async (request, { params }) => {
+  try {
+    const { id } = await params;
+    const body = updateSchema.parse(await request.json());
+    const updated = await updateResource(request.session.userId, id, body);
+    await logAuditEventFromRequest(request, {
+      userId: request.session.userId,
+      action: 'update',
+      resourceType: 'widget',
+      resourceId: id,
+      metadata: { fields: Object.keys(body) },
+    });
+    return NextResponse.json(updated);
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/widgets/[id]' });
+  }
+});
+```
+### Auth event logging
+```typescript
+// In login route: src/app/api/auth/login/route.ts
+await logAuditEventFromRequest(request, {
+  userId: user.id,
+  action: 'login',
+  resourceType: 'session',
+});
+// On failed login
+await logAuditEventFromRequest(request, {
+  action: 'login_failed',
+  resourceType: 'auth',
+  metadata: { email: body.email },
+});
+```
+## Step 5: Admin Audit Log API
+```typescript
+// src/app/api/protected/admin/audit-logs/route.ts
+import { handleApiError, withRole } from '@/lib/mars';
+import { queryAuditLogs } from '@/features/audit-log/server';
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+const querySchema = z.object({
+  userId: z.string().optional(),
+  action: z.string().optional(),
+  resourceType: z.string().optional(),
+  resourceId: z.string().optional(),
+  startDate: z.coerce.date().optional(),
+  endDate: z.coerce.date().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional(),
+  cursor: z.string().optional(),
+});
+export const GET = withRole(['admin'], async (request) => {
+  try {
+    const url = new URL(request.url);
+    const query = querySchema.parse(Object.fromEntries(url.searchParams));
+    const logs = await queryAuditLogs(query);
+    return NextResponse.json(logs);
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/admin/audit-logs' });
+  }
+});
+```
+## Step 6: Cleanup API (Admin)
+```typescript
+// src/app/api/protected/admin/audit-logs/cleanup/route.ts
+import { handleApiError, withRole } from '@/lib/mars';
+import { cleanupOldAuditLogs } from '@/features/audit-log/server';
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+const cleanupSchema = z.object({
+  retentionDays: z.number().int().min(1).max(365).default(90),
+});
+export const POST = withRole(['admin'], async (request) => {
+  try {
+    const body = cleanupSchema.parse(await request.json());
+    const deleted = await cleanupOldAuditLogs(body.retentionDays);
+    return NextResponse.json({ deleted, retentionDays: body.retentionDays });
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/admin/audit-logs/cleanup' });
+  }
+});
+```
+## Step 7: Retention Policy
+Set up automated cleanup using a cron job or scheduled function:
+```typescript
+// src/app/api/cron/audit-cleanup/route.ts
+import { NextResponse } from 'next/server';
+import { constantTimeEqual } from '@mars-stack/core/auth/crypto-utils';
+import { cleanupOldAuditLogs } from '@/features/audit-log/server';
+export async function GET(request: Request) {
+  const authHeader = request.headers.get('authorization') ?? '';
+  const expected = `Bearer ${process.env.CRON_SECRET}`;
+  if (!constantTimeEqual(authHeader, expected)) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  }
+  const deleted = await cleanupOldAuditLogs(90);
+  return NextResponse.json({ deleted });
+}
+```
+Add to `vercel.json` for Vercel Cron:
+```json
+{
+  "crons": [
+    {
+      "path": "/api/cron/audit-cleanup",
+      "schedule": "0 3 * * 0"
+    }
+  ]
+}
+```
+## Testing
+```typescript
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { logAuditEvent, queryAuditLogs } from './index';
+vi.mock('@/lib/prisma', () => ({
+  prisma: {
+    auditLog: {
+      create: vi.fn(),
+      findMany: vi.fn(),
+      deleteMany: vi.fn(),
+    },
+  },
+}));
+vi.mock('@/lib/mars', () => ({
+  apiLogger: { error: vi.fn(), info: vi.fn() },
+}));
+describe('logAuditEvent', () => {
+  it('creates an audit log entry', async () => {
+    const { prisma } = await import('@/lib/prisma');
+    await logAuditEvent({
+      userId: 'user-1',
+      action: 'create',
+      resourceType: 'widget',
+      resourceId: 'widget-1',
+    });
+    expect(prisma.auditLog.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({
+          userId: 'user-1',
+          action: 'create',
+          resourceType: 'widget',
+        }),
+      }),
+    );
+  });
+  it('does not throw if database write fails', async () => {
+    const { prisma } = await import('@/lib/prisma');
+    (prisma.auditLog.create as ReturnType<typeof vi.fn>).mockRejectedValue(new Error('DB error'));
+    await expect(logAuditEvent({
+      action: 'login',
+      resourceType: 'session',
+    })).resolves.toBeUndefined();
+  });
+});
+```
+## Checklist
+- [ ] `AuditLog` model in Prisma schema with proper indexes
+- [ ] User relation added (with `onDelete: SetNull`)
+- [ ] `logAuditEvent()` and `logAuditEventFromRequest()` helpers created
+- [ ] Server module imports `'server-only'`
+- [ ] Audit logging integrated into key routes (auth, CRUD, admin actions)
+- [ ] Admin query API with filtering and cursor pagination
+- [ ] Cleanup endpoint and retention policy (default 90 days)
+- [ ] Cron job for automated cleanup
+- [ ] Audit logger never throws (fire-and-forget with error logging)
+- [ ] No PII logged in metadata (no passwords, tokens, or full request bodies)
+- [ ] `db:push` run after schema changes
+- [ ] Tests written for audit log service